Monitoring your NetScaler Traffic with AppFlow
description
Transcript of Monitoring your NetScaler Traffic with AppFlow
![Page 1: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/1.jpg)
Monitoring your NetScaler Traffic with AppFlow
Dale McCoon
Senior Technical Support EngineerSUM308 – Monitoring your NetScaler Traffic with AppFlow
May 8th, 2012
![Page 2: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/2.jpg)
#CitrixSummit
Tweet about this session with hashtag #SUM308 and #CitrixSummit
![Page 3: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/3.jpg)
• Why Open Source Application visibility is important
• How AppFlow works
• Configuring Appflow on the NetScaler
• Interpreting the collected data
Agenda
#CitrixSummit
![Page 4: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/4.jpg)
Why Open Source Application visibility is important
![Page 5: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/5.jpg)
• Decentralized infrastructure makes monitoring difficult
• Multiple vendors offering different non-interoperable solutions
• Proprietary technologies decrease flexibility
• Bulky Agent software increases management overhead
• Network taps are expensive and impractical in the Cloud Era
Common Monitoring Issues Faced by Administrators
#CitrixSummit
![Page 6: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/6.jpg)
• More and more applications are moving to the Cloud
• Open Source Standard allows for homogeneous infrastructure
• Vendor lock in is no longer a concern
• Agent-less allows for the right tool for the job
• IETF standard defined in RFC 5101
• Allows for a “Full Picture” Solution
The AppFlow Solution
#CitrixSummit
![Page 7: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/7.jpg)
How AppFlow works
![Page 8: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/8.jpg)
• Using UDP as the transport protocol Appflow transmits the collected data called “flow records” to one or more IPv4 collectors
• Provides visibility for HTTP, SSL, TCP and SSL_TCP flows
• Various 3rd party collectors aggregate the collected traffic in real time (Splunk, SolarWinds)
• Feature introduced for AppFlow in NetScaler 9.3nc
• Available in NetScaler Standard, Enterprise, and Platinum
• Supported both on the MPX, VPX, and SDX
• AppFlow support in NetScaler 10 for DataStream and EdgeSight
How AppFlow Works
#CitrixSummit
![Page 9: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/9.jpg)
Data Flows that can be reported on
Client to VIP SNIP/MIP to Server
Server to SNIP/MIPVIP to Client
#CitrixSummit
![Page 10: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/10.jpg)
• Records transmitted in IPFIX format via the NSIP of the NetScaler
• IPFIX based off of Cisco’s NetFlow
• Each flow records contains a sequence number, so that the collector can see if there is a missed flow record
• No retransmission of missed flow records (function of UDP)
• Collector may be able to report on missed records
AppFlow Records
#CitrixSummit
![Page 11: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/11.jpg)
Appflow Records sent to Collector Via NetScaler
Appflow Collector
Client to VIPSNIP/MIP to Server
NSIP to Appflow Collector
#CitrixSummit
![Page 12: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/12.jpg)
Configuring AppFlow on the NetScaler
![Page 13: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/13.jpg)
• Enable the AppFlow Feature (enable feature AppFlow from the CLI or System-Settings-Configure advanced features and check the “AppFlow” box in the GUI)
• Add a Collector (default port is 4739)
• Add a AppFlow Action specifying a Collector
• Add a AppFlow Policy, define an expression
• Bind the Action to the Policy
Configuring AppFlow on the NetScaler
#CitrixSummit
![Page 14: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/14.jpg)
Configuring AppFlow on the NetScaler
#CitrixSummit
![Page 15: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/15.jpg)
• Bind AppFlow Policy either to the VServer or Globally
• Ensure AppFlow Logging is checked on the VServer or Service
Configuring AppFlow on the NetScaler (cont.)
#CitrixSummit
![Page 16: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/16.jpg)
Setting AppFlow Parameters
•Control what is sent to the Collector
•Tailor information sent to the collector to fit your environment
•Client Traffic only collects only client side traffic
•Multiple records in each UDP packet
#CitrixSummit
![Page 17: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/17.jpg)
Configuring the NetScaler to send Syslog info via Appflow
#CitrixSummit
![Page 18: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/18.jpg)
DataStream Support in NetScaler 10
#CitrixSummit
![Page 19: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/19.jpg)
EdgeSight Monitoring for AppFlow
#CitrixSummit
![Page 20: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/20.jpg)
Basic Troubleshooting
•Check if policy is being hit
•Nstcpdump.sh filtering UDP
•Network trace from Collector
•“Show run | grep appflow” to verify config from CLI
#CitrixSummit
![Page 21: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/21.jpg)
Verify HTTP (or other) data exists within the packet being transmitted to the Collector
Basic Troubleshooting
#CitrixSummit
![Page 22: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/22.jpg)
AppFlow Counters
• SNMP can be used to monitor AppFlow for ignored packets
• These values also translate into counters for the nsconmsg tool
• Information such as flow records transmitted, IPFIX records ignored, and IPFIX records not sent
• Can be useful for proactive monitoring of AppFlow itself
#CitrixSummit
![Page 23: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/23.jpg)
Interpreting the Collected Data
![Page 24: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/24.jpg)
#CitrixSummit
What exactly is traversing my Network?
![Page 25: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/25.jpg)
• Allows for analysis on all aspects of data passing through the NetScaler
• HTTP, TCP, Application Firewall, VPN, and UI among other statistics can be logged
• Grants a top down view of data that can be graphed and exported
• This allows for statistics to be logged, trends to be noticed quicker, easier, and action to be taken
• Quicker Time to Resolution when troubleshooting issues.
Interpreting the Collected Data
#CitrixSummit
![Page 26: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/26.jpg)
General Overview of Data via AppFlow
#CitrixSummit
![Page 27: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/27.jpg)
More Specific break down of Total Bytes Sent/Received
#CitrixSummit
![Page 28: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/28.jpg)
General Overview of Data via AppFlow
#CitrixSummit
![Page 29: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/29.jpg)
General Overview of Data via AppFlow
#CitrixSummit
![Page 30: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/30.jpg)
HTTP Visibility
#CitrixSummit
![Page 31: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/31.jpg)
HTTP Visibility
#CitrixSummit
![Page 32: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/32.jpg)
HTTP Visibility
#CitrixSummit
![Page 33: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/33.jpg)
HTTP Visibility
#CitrixSummit
![Page 34: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/34.jpg)
Application Firewall Visibility
#CitrixSummit
![Page 35: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/35.jpg)
Application Firewall Visibility
#CitrixSummit
![Page 36: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/36.jpg)
VPN Visibility
#CitrixSummit
![Page 37: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/37.jpg)
SSL VPN Visibility
#CitrixSummit
![Page 38: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/38.jpg)
SSL VPN Visibility
#CitrixSummit
![Page 39: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/39.jpg)
SSL VPN Visibility
#CitrixSummit
![Page 40: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/40.jpg)
In Depth Traffic Visibility
#CitrixSummit
![Page 41: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/41.jpg)
• www.splunk.com
• www.citrix.com/technologies/appflow
• AppFlow Configuration Guide - http://support.citrix.com/article/CTX130334
• How to Install and Configure Splunk for NetScaler for Application Firewall
Reporting - http://support.citrix.com/article/CTX132533
• NetScaler AppFlow Counters http://support.citrix.com/article/CTX132769
Resources
#CitrixSummit
![Page 42: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/42.jpg)
Q&A
![Page 43: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/43.jpg)
• Monitoring your Network traffic with AppFlow allows for:
• Visibility – What is my Network doing
• Accountability – Who is using my Network
• Seamless Integration – No Agents, No vendor lock in
AppFlow Overview
#CitrixSummit
![Page 44: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/44.jpg)
#CitrixSummit
We value your feedback!Take a survey of this session now in the mobile app
• Click 'Sessions' button
• Click on today's tab
• Find this session
• Click 'Surveys'
![Page 45: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/45.jpg)
#CitrixSummit
Before you leave…
• Conference surveys are available online at www.citrixsummit.com starting
Thursday, May 10○ Provide your feedback and pick up a complimentary gift at the registration desk
• Download presentations starting Monday, May 21, from your My Organizer tool located in your My Account
![Page 46: Monitoring your NetScaler Traffic with AppFlow](https://reader030.fdocuments.us/reader030/viewer/2022033019/56815b66550346895dc95701/html5/thumbnails/46.jpg)